Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mubashar
New Contributor

TCP handshake between servers

scenario is

Server1(192.168.31.65)-fortigateA---MPLS_VPN---fortigateB-Server2(172.16.31.23)

 

we are making ADC on fortigateB side

 

whenever server2 check for specific port like 3268,3269,88 towards Server1 used in Active Directory environment with following command all went normal all ports in listening state

 

Test-Netconnection 192.168.31.65 -port 3269

but whenever we do from server1 towards server2 ports like (389,88,3268 ) are closed

 

Test-Netconnection 172.16.31.23 -port 3269

 

we have checked on rules are services and source or destination are fine on both sides , but problem always from server1 side

following is pic from server1 side

 

tcp-handshake.png

 

what could be the reason here

Mubashar Ahmad
Mubashar Ahmad
2 REPLIES 2
AEK
Honored Contributor II

Hello

First check that the mentioned ports are listening on server2. You can use on of the following commands on server2:

  • netstat -an
  • Test-Netconnection 172.16.31.23 -port 3269

After that you can use the following command on FortiGateB to see if the traffic through VPN tunnel is reaching serverB:

  • diag snif packet any 'host 172.16.31.23 and port 3269' 4
AEK
AEK
hbac
Staff
Staff

Hi @mubashar,

 

Please collect debug flow to see if the traffic is being dropped: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Regards, 

Labels
Top Kudoed Authors